September 4, 2014 By Steven D'Alfonso 8 min read

In 2009, the United Nations Office on Drugs and Crime estimated that transnational organized crime (TOC) activities were valued at $870 billion, or approximately 1.5 percent of global GDP. Today, TOC value is well above $1 trillion per year. This amount of money has the potential to compromise legitimate economies and have a direct political impact on elections through corruption and bribery.

Crime committed across international borders by organized crime groups (OCGs) is nothing new. The U.S. branch of the Italian Mafia, La Cosa Nostra, has been a major influence for nearly 100 years. Colombian cartels and Mexican drug-trafficking organizations (DTOs) have been operating within the United States for decades. So what has changed?

Intelligence community documents, congressional hearings and media reports point to a growing international convergence of OCGs and terror organizations to take advantage of the specialized skills and assets of each group.

For example, there is evidence of Hezbollah establishing a strong base in Latin America over the past decade or more and working with Mexican DTOs to launder money, finance terrorism and smuggle people. According to Jennifer Hesterman, author of “The Terrorist-Criminal Nexus,” the Italian Mafia has worked with al-Qaida, and DTOs with U.S. outlaw motorcycle gangs, to carry out illicit operations. These are groups with diverging interests, goals and philosophies, yet they are working together to capitalize on each other’s specific skills or assets.


In January 2010, the U.S. government completed a review of international organized crime (IOC), the first comprehensive study of IOC since 1995. It found that IOC had expanded dramatically, leading the government to alter its position and view IOC as a serious national security threat. Based on organized crime’s expansion across national boundaries and the influence it exerts, the government adopted a new moniker: TOC. TOC more accurately reflects its reach and the potential impact from converging threats of drug-, human- and weapons-trafficking organizations with traditional terrorist groups, such as Hezbollah.

“In years past, TOC was largely regional in scope, hierarchically structured and had only occasional links to terrorism,” according to the National Security Council. “Today’s criminal networks are fluid, striking new allegiances with other networks around the world and engaging in a wide range of illicit activities, including cybercrime and providing support for terrorism.”

TOC presents an international threat to financial systems through cybercrime and sophisticated fraud schemes to create channels to fund terror campaigns and mass-casualty weapons. TOC includes all types of profit-motivated crime involving more than one country and including the following:

  • Money laundering
  • Financial fraud
  • Counterfeit goods
  • Terrorist financing
  • Drug trafficking
  • Human trafficking
  • Migrant smuggling
  • Weapons trafficking
  • Cybercrime (certain aspects)

Developing countries with limited resources may be particularly vulnerable, which creates opportunities for TOCs to provide financial assistance in exchange for being allowed to operate more freely. One compromised country may lead to others, creating a regional cluster for organized crime.

For example, Hezbollah has a strong foothold in the Tri-Border Area (TBA) in Latin America. According to a 2012 Majority Report of the U.S. House Committee on Homeland Security, the large Lebanese population and friendly local governments provide Hezbollah a base from which to operate in the Western Hemisphere. The report says that the TBA is the largest underground economy in the Western Hemisphere, providing Hezbollah with an estimated $12 billion a year in illegal commerce. Financial crimes are a specialty in the TBA and include money laundering, intellectual property fraud, counterfeiting and smuggling.

Transnational Organized Crime Growth Factors

For decades, organized crime was largely local and regional. In the 1900s, as Europeans immigrated to the United States, so, too, did members of OCGs, the most notable being the Italian Mafia. They not only established their groups in the United States, but they maintained their links back to Italy in an early transnational crime network.

Later that century, Colombian drug cartels made inroads in the United States, creating international drug-trafficking organizations and the model Mexican drug organizations would later use as they rose to power.

TOCs have expanded over the past 25 years due to a number of factors. The collapse of the Soviet Union and the rise of the European Union created many loosely controlled borders from Europe to the Pacific, according to Louise Shelley in her book “Human Traffic and Transnational Crime.” With easier movement of people and goods throughout the European Union, OCGs were better able to expand their operations across borders. The collapse of the Soviet Union and subsequent privatization initiatives allowed Russian OCGs to grab power and money, which helped fuel their growth.

The expansion of commercial air travel and international scope of legitimate businesses created opportunities for TOCs to move goods, money and people around the globe. According to the World Trade Organization, world trade has grown more than 170 percent since 1990 and worldwide free trade zones have grown rapidly since 2000. The combination of these two has allowed criminal groups to transfer illicit goods and launder money through trade-based techniques with minimal risk.

An estimated 25 million cargo containers enter U.S. ports annually and are valued at more than $18 trillion. Although this information is not disclosed, it is believed that U.S. Customs and Border Protection inspects less than 10 percent of the containers.

The trusted shipper programs, designed to increase the efficiency of cross-border shipments of goods between the United States, Canada and Mexico, are exploited by OCGs. They pose as legitimate traders (using companies that have been compromised) and gain safe passage for smuggled goods such as weapons, drugs and cigarettes across the U.S. borders. With only a fraction of the trucks crossing the borders searched, trucking has become an ideal channel for drug trafficking and human smuggling. According to a National Post article, an RCMP intelligence report, obtained by a freelance journalist, said that truckers who earn $1,000 or less per week could make as much as $28,000 for shipments of cocaine to Montreal from California.

Panama is a major hub for the transshipment of maritime containers, many of which originate in cocaine-producing countries in South America and are destined for Europe and North America. New Panamax ships can carry twice the number of containers than conventional Panamax ships. TOCs are well aware that very few containers are inspected, so they conceal illicit cargo within legitimate shipments. The canal expansion will also drive an increase in trade-based money laundering between South America, North America and Europe.

Additionally, increased communication abilities via cell phones, email and the Internet further organizations’ enhanced ability to expand their reach into all corners of the world. The rise of social media has dramatically increased the ability for TOCs to connect, sell stolen property such as credit cards and identities and generate massive amounts of revenue through online fraud schemes. Regarding terrorist groups, social media has become an invaluable tool to raise awareness and recruit new members. This development is a significant factor in the increased “lone wolf” threat, such as the kind seen in the Boston Marathon bombing and the shooting at Fort Hood, Texas.

TOCs are now able to decentralize their operations and establish “branches” in foreign countries. Globalization has improved the prospects of legitimate businesses, but it has also fueled the growth of TOC. The increased globalization of trade, communication and logistics has helped TOC evolve into sophisticated organizations not unlike a multinational corporation. Organized crime and terrorism may have achieved equal status, as fraud, extortion and other OCG activities are needed to fund terror operations.

Reach of Organized Crime

Over the past 25 years, organized crime and terrorist organizations have developed working relationships, recognizing that they may accomplish more and achieve more success using the expertise and specializations of each other’s networks. Despite their often dissimilar goals and/or cultural animuses, varied criminal and terror groups are working together. This is the corporate equivalent of outsourcing.

Large corporations must have vast networks of employees with varying expertise, such as lawyers, accountants and logistics, located around the world. TOCs operate similarly on an international scale, forging partnerships with other OCGs to leverage expertise.

According to the report “Methods and Motives: Exploring Links Between Transnational Organized Crime & International Terrorism,” while organized crime is traditionally associated with the Mafia or drug trafficking, it can extend to money laundering and white-collar crimes such as insurance, mortgage and prescription fraud. The differences between the OCGs and terror groups are numerous. Terrorists pursue political and/or religious objectives through overt violence against civilians and military targets.

OCGs are driven by profit; they are “in business” to make money. Terrorist groups, motivated by ideology, only need money to fund their operations, so they turn to OCGs for the money they need to survive and operate. Each group will look to another for lessons learned and strategy development. Strategies include funding, recruiting, training and morale-boosting techniques. Groups that possess a specialized capability will sell or trade on that capability.

The collaboration between Hezbollah and the Mexican drug cartels is one example of an increasing convergence of organized crime and terrorism. Mexican drug cartel tunnels have increasingly become more advanced with the addition of ventilation, lighting, high ceilings, medical facilities, dormitories and other high-tech features. The engineering features in these tunnels are believed to be the work of Hezbollah, which has created a vast network of tunnels in Lebanon to protect its members from Israeli airstrikes.

Cybercriminal Threats on the Rise

In addition to OCGs and terrorist groups converging, there has also been an increasing convergence of nation-states and cybercriminal organizations. As cybercriminals have become more sophisticated, they have often taken on a patriotic role by waging cyberwarfare on behalf of governments. Evidence of this can be seen as far back as the 1990s in Chechnya and Kosovo, as discussed in FireEye’s “World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks” report.

Those patriotic roles persist today around the world. Social unrest and challenging political landscapes across Eastern Europe and the Middle East have given cybercriminals ample opportunity to act in the name of their country or ideological movement. Additionally, there is an active market in which certain governments will hire cybercrime groups to carry out attacks or acts of espionage against other governments and private companies.

“FireEye researchers have even seen one nation-state develop and use a sophisticated Trojan and later (after its own counter-Trojan measures were in place) sell it to cybercriminals on the black market,” according to the report. “Thus, some cyberattack campaigns may be the hallmarks of both state and nonstate actors, making positive attribution almost impossible.”

In today’s world of organized crime, bad actors sell their specialized services to assist in the execution of large frauds and money laundering. For example, the following is an example of actors involved in a data breach that compromised thousands of credit card holders, a common occurrence today. The possible location is intended to show the transnational reach of the organizations and their interactions with other OCGs.

  • The target company must be breached and credit card information harvested by hackers.
  • The raw credit card data must be sold, which is done through a “carding forum” on the Internet. The group that stole the card information is paid, and their involvement is ended.
  • The owner of the card information must now make online purchases of merchandise or create fake cards with the stolen information encoded. In either case, the fraudster will need individuals to accept delivery of merchandise or money derived from the operation. These individuals are called “money mules” and are available from groups known as mule herders.
  • Mule herders constantly recruit suspecting or unsuspecting people to accept cash or receive goods on behalf of the foreign OCG. Mules are often recruited through Internet advertisements for “work-at-home” schemes. The mules may accept merchandise and reship to a foreign address, or they will accept and deposit worthless checks into accounts in their own name and subsequently wire money out of the account to a foreign account — minus their fee. Mules are typically the ones that are left to be caught.

The Convergence of Organized Crime Groups and Terrorist Organizations

The convergence of OCGs and terrorist organizations has progressed rapidly over the past 25 years. Advances in technology and commerce that have benefited society and the economy have helped fuel the growth and expansion of TOC. Criminal organizations are very adaptive and are able to modify their behavior in response to pressure from governments and law enforcement. While this type of crime will likely never be eradicated, it can be hindered. Financial institutions are ideally positioned to identify suspicious activity and assist law enforcement’s investigations.

Financial institutions should also have a robust counter-financial-crime process in place by integrating their fraud, anti-money-laundering and cybersecurity functions to enhance their ability to detect and prevent illicit activity.

More from Banking & Finance

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

DORA and your quantum-safe cryptography migration

5 min read - Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector.The Digital Operational Resilience Act (DORA) is a regulatory framework that introduces uniform requirements across the European Union (EU) to achieve a "high level of operational resilience" in the financial services sector. Entities covered by DORA — such as credit institutions, payment institutions, insurance undertakings, information and communication technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today